NY Office - 516-352-7000

NJ Office - 973-257-5558

fna@fnainsurance.com

First National Administrators
FIRST NATIONAL ADMINISTRATORS, INC.

HIPAA NOTICE OF PRIVACY PRACTICES


THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU OR YOUR CLIENTS MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

First National Administrators, Inc. (hereinafter referred to as "Agency", "we", "our" or "us") is committed to protecting the privacy of your health information. In conducting our business, we will create records regarding you and the services we provide to you. A federal law, the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively referred to as “HIPAA”), requires Agency to take reasonable steps to ensure the privacy of your "Protected Health Information" (as defined below) and to provide you with this Notice of Privacy Practices. We will abide by the terms of our Notice of Privacy Practices currently in effect.

This notice describes your rights concerning "Protected Health Information" ("PHI") about you. PHI is information that may identify you and that relates to (a) your past, present, or future physical or mental health or condition or (b) the past, present or future payment for your health care.

It may be necessary to change the terms of this notice in the future. We reserve the right to make changes and to make the new notice effective for all PHI that we maintain about you, including PHI we created or maintained in the past. If we make material changes to our privacy practices, we will provide you with the revised notice.

Uses and Disclosures of Your PHI

This section of the notice explains how Agency uses and discloses your PHI as required or permitted by law. As explained below, in some instances we may request your written authorization to use or disclose PHI.

  1. Required Disclosures. Use and disclosure of your PHI may be required by the Secretary of the Department of Health and Human Services to investigate and/or determine Agency's compliance with HIPAA's privacy regulations.

  2. Uses and Disclosures Related to Treatment, Payment and Health Care Operations. Agency and its business associates may use or disclose PHI for activities related to treatment, payment and health care operations. As described in the next section entitled "Your Privacy Rights", you have the right to request a restriction on the use and disclosure of your PHI for treatment, payment or health care operations purposes.

  3. Other Uses and Disclosures of Your PHI In addition to the uses and disclosures described above, Agency may use or disclose PHI for the following purposes: for public health activities (for example, to alert public health authorities of public health risks such as disease or to report child abuse or neglect); for health oversight activities (for example, to assist in investigations relating to insurance fraud); for data breach notification purposes to provide legally required notices of unauthorized access to or disclosure of your health information; for judicial and administrative proceedings (for example, in response to a subpoena or discovery request); for certain law enforcement purposes (for example, to report a crime); for protection against serious harm (for example, to protect victims of abuse, neglect or domestic violence); for specialized government functions (for example, to assist in national security and intelligence activities); for certain government-approved research purposes (if certain conditions are met); for workers' compensation purposes (for example, when required by workers' compensation laws); to a coroner, medical examiner, or funeral director (to permit them to carry out their legal duties); in order to facilitate organ donations and transplants; when necessary to prevent or lessen a serious and imminent threat to health or safety; or when required to do so by federal, state, or local law. Since we are not a health care provider, we do not engage in treatment of individuals and, accordingly, we will not share your information for such purposes. Examples of activities related to payment include payment of health care claims or collection of premiums. Examples of activities related to health care operations include quality improvement, fraud and abuse prevention and detection, and complaint resolution.

  4. Use and Disclosure to Family Members or Other Personal Representatives. We may disclose PHI to a family member, guardian, executor, administrator or other person identified by you and authorized by law to act on your behalf with respect to health care. When disclosing information to such a person, we will take appropriate steps to verify the identity of such person.

  5. Use and Disclosures to Plan Sponsor (Employer). We may disclose PHI to an employer-sponsor of a group health plan, if applicable, provided that any such plan sponsor certifies: (a) that the information provided will be maintained in a confidential manner and shall not be used for employment related decisions or for other employee benefit determinations or in any other manner not permitted by law; and (b) that the plan documents contain provisions concerning restrictions on how the plan sponsor may use or further disclose PHI.

  6. Use and Disclosure to Contact You Regarding Health-Related Benefits and Services. Agency or its business associates may contact you regarding health-related benefits and services that may be of interest to you but only upon written authorization by you.

  7. Uses and Disclosures to Business Associates. We may disclose PHI to our business associates, such as information systems consultants, production vendors and actuarial consultants, who perform services on our behalf. When we disclose information to a business associate, we will require the business associate to protect the privacy of your PHI through a written agreement with Agency.

  8. Uses and Disclosures That Require Your Written Authorization. Other uses and disclosure of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described in this notice. You may revoke such authorization at any time, except to the extent Agency or its business associates or other entities have relied on such disclosure.

Other Applicable Law. In the event applicable law, other than HIPAA, prohibits or materially limits our uses and disclosures of PHI, as described above, we will restrict our uses or disclosures of PHI in accordance with the more stringent standard.

Your Written Authorization is Required for Other Uses and Disclosures

The following uses and disclosures of your Protected Health Information will be made only with your written authorization:

1. Uses and disclosures of Protected Health Information for marketing purposes; and
2. Disclosures that constitute a sale of your Protected Health Information

Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.

Your Privacy Rights

This section of the notice describes your rights as an individual with respect to your PHI and summarizes how you may exercise these rights.

  1. Right to Restrict Uses and Disclosures for Treatment, Payment and Health Care Operations Purposes. You have the right to request that we restrict uses and disclosures of your PHI for activities related to treatment, payment and health care operations as described above. Any such request must be made in writing to the address provided below and must state: (a) what PHI you want restricted; (b) whether the restriction shall apply to the "use" or "disclosure" of PHI, or both; and (c) to whom the restriction applies. Though we will evaluate all requests for restrictions, we are not required to agree to the restriction. If we agree to the restriction, we will abide by it, except in the case of emergency treatment or as required by law. We may terminate our agreement to a restriction if you agree to or request the termination of the restriction. In addition, we may notify you that we are terminating our agreement to a restriction as of a specified date, and that the restriction will no longer apply to PHI created or received by us after such date.

  2. Right to Request Confidential Communications. You may request that we communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may wish to receive communications from us at your work location rather than your home. Any such request must be made in writing to the address provided below and must include a reason in support of your request. We will evaluate all such requests. We are required to accommodate your request for confidential communications if you clearly state that you could be endangered by the disclosure of all or part of your protected health information.

  3. Right to Inspect and Copy Your PHI. You have a right to request access to your PHI in order to inspect or copy PHI that we use to make decisions about you (including medical records and billing records), other than psychotherapy notes or information compiled in reasonable anticipation of, or for use in, a criminal, civil or administrative action or proceeding. Any such request must be made in writing to the address provided below. If we approve your request, we may charge a reasonable fee for such inspection and copying of your PHI unless you need the information for a claim for benefits under the Social Security Act or any other state or federal needs-based benefit program. Under certain circumstances, we may deny your request for access to your PHI. If your request is denied, we will notify you of our reason for the denial and your right to have such denial reviewed, if any.

  4. Right to Amend Your PHI. You have the right to request that we amend PHI that we use to make decisions about you if you believe the information is incorrect or inaccurate. Any such request must be made in writing to the address provided below and must include a reason in support of your request. Under certain circumstances, we may deny your request for amendment of your PHI. If your request is denied, we will notify you of our reason for the denial, your right to submit a written statement of disagreement or to have the request for amendment included with future disclosures, and your right to file a complaint with our Customer Care Center and/or the Secretary of the Department of Health and Human Services. If your request for amendment is granted, we will notify you that the amendment was approved. We will also ask you to identify relevant persons who should be informed of the amendment and ask that you agree to our communication with such persons.

  5. Right to an Accounting of Disclosures. You have the right to receive an accounting of disclosures of your PHI made by Agency during the six years (or shorter period of time designated by you) prior to the date of your request. Such requests must be made in writing to the address provided below. The accounting of disclosures will not include disclosures made for treatment, payment and health care operations, disclosures made pursuant to your authorization, disclosures made prior to April 14, 2003 or certain other disclosures. The first request for an accounting of disclosures that you make within any 12-month period is free; however, we may charge you for additional requests within the same 12-month period.

  6. Right to a Copy of Notice of Privacy Practices. You have the right to receive a paper copy of this notice upon request, even if you agreed to receive this notice electronically. You may request a paper copy of our most current notice at any time by contacting our Privacy Officer.

  7. Right to an Electronic Copy of Electronic Medical Records. If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your Protected Health Information in the form or format you request, if it is readily producible in such form or format. If the Protected Health Information is not readily producible in the form or format you request your record will be provided in either our standard electronic format or if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.

  8. Right to Get Notice of a Breach. You have the right to be notified upon a breach of any of your unsecured Protected Health Information.

  9. Out-of-Pocket-Payments. If you paid out-of-pocket (or in other words, you have requested that we not bill your health plan) in full for a specific item or service, you have the right to ask that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request.

Complaints

You may file a complaint in writing with either our office or the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated within 180 days of a violation of your rights. We will not retaliate against you for filing a complaint.

Additional Information

If you have any questions or need further assistance regarding this notice or to request assistance with any of the items listed above, please call 516-692-8505. The address to send any requests or to file complaints relating to your privacy rights (as described above) is First National Administrators, Inc., Attention: Chief Privacy Officer, 2003 Jericho Turnpike, New Hyde Park, NY 11040.